CallbackHandler handles Bitbucket redirection URI requests and adds the
Bitbucket access token and User to the ctx. If authentication succeeds,
handling delegates to the success handler, otherwise to the failure
handler.

StateHandler checks for a state cookie. If found, the state value is read
and added to the ctx. Otherwise, a non-guessable value is added to the ctx
and to a (short-lived) state cookie issued to the requester.

Implements OAuth 2 RFC 6749 10.12 CSRF Protection. If you wish to issue
state params differently, write a http.Handler which sets the ctx state,
using oauth2 WithState(ctx, state) since it is required by LoginHandler
and CallbackHandler.